How to Change the SSH Port

Why Change the Default SSH Port?

Changing the default SSH port is a common security practice that helps protect your server from automated attacks and brute-force scans. Since most bots target port 22, moving SSH to a different port can significantly reduce unwanted login attempts.

Info: This method does not replace strong security measures such as SSH keys or firewalls, but it adds an additional layer of protection known as security through obscurity.
Warning: Before making any changes, ensure you have an alternative access method (IPMI, console, or secondary SSH session). Incorrect configuration may lock you out of the server.

Changing SSH Port on Linux (Ubuntu, Debian, CentOS, RHEL)

  1. Connect to Your Server
    • Use your preferred SSH client to connect using the current port (default: 22).
  2. Edit the SSH Configuration File
    • Open the SSH configuration file:
      /etc/ssh/sshd_config
  3. Locate the “Port” Directive
    • Find the line that begins with Port.
  4. Change the Port Number
    • Replace the current port number with your desired value:
    Port 2222
  5. Save and Close
    • Save the file and exit the editor.
  6. Restart SSH Service
    sudo service ssh restart     # Ubuntu/Debian
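    sudo systemctl restart sshd  # CentOS/RHEL (the unit is named sshd)
Note: On CentOS/RHEL with SELinux enforcing, the new port must also be permitted for SSH in the SELinux policy, otherwise sshd cannot bind to it.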
Tip: Keep your existing SSH session open while restarting the service. This allows you to revert changes if something goes wrong.
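
A pre-flight check to run while the original session from the tip above is still open, written as an added example (not part of the original guide): it reads the active Port directives from sshd_config text and confirms from `ss -tln` output that a socket is listening on each one. The function names and the sample inputs are constructed for illustration.

```bash
# Print the port from every active Port directive in sshd_config text on stdin.
# Keywords are case-insensitive; with no Port directive sshd listens on 22.
configured_ports() {
  awk '
    { sub(/#.*/, "") }                      # ignore comments
    tolower($1) ~ /^port$|^port=/ {
      line = $0
      sub(/^[ \t]*[Pp][Oo][Rr][Tt][ \t]*=?[ \t]*/, "", line)
      split(line, f, /[ \t]+/); print f[1]; found = 1
    }
    END { if (!found) print 22 }'
}

# Succeed if $1 is an integer in 1..65535.
valid_port() {
  case "$1" in ''|*[!0-9]*) return 1 ;; esac
  [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# Succeed if `ss -tln` output on stdin has a LISTEN socket on port $1.
is_listening() {
  awk -v p="$1" '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) ok = 1 }
                 END { exit !ok }'
}

# preflight CONFIG_TEXT SS_OUTPUT: one status line per configured port;
# non-zero exit status if any port is invalid or not listening.
preflight() {
  _rc=0
  for _port in $(printf '%s\n' "$1" | configured_ports); do
    if ! valid_port "$_port"; then
      echo "FAIL $_port: not a valid TCP port"; _rc=1
    elif ! printf '%s\n' "$2" | is_listening "$_port"; then
      echo "FAIL $_port: nothing listening, keep the old session open"; _rc=1
    else
      echo "OK   $_port: listening"
    fi
  done
  return "$_rc"
}

# Constructed sample inputs (not from a real host).
SAMPLE_CONFIG='#Port 22
Port 2222
PermitRootLogin no'
SAMPLE_SS='LISTEN 0 128 0.0.0.0:2222 0.0.0.0:*
LISTEN 0 128 [::]:2222 [::]:*'
# On a real server: preflight "$(cat /etc/ssh/sshd_config)" "$(ss -tln)"
preflight "$SAMPLE_CONFIG" "$SAMPLE_SS"
```

Running `sudo sshd -t` before the restart catches syntax errors in the edited file, which this check does not look for.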

Changing SSH Port on Windows (OpenSSH Server)

  1. Connect to Your Server
    • Use an SSH client like PuTTY on port 22.
  2. Navigate to the Configuration Directory
    • C:\ProgramData\ssh
  3. Edit sshd_config
    • Open the file in a text editor.
  4. Modify the Port Value
    Port 2222
  5. Restart SSH Server
    Restart-Service sshd

Firewall Considerations

After changing the SSH port, update your firewall rules to allow the new port:

  • UFW (Ubuntu)
    sudo ufw allow 2222/tcp
  • firewalld (CentOS/RHEL)
    sudo firewall-cmd --add-port=2222/tcp --permanent
    sudo firewall-cmd --reload
Critical: Forgetting to update firewall rules is the most common reason administrators lose SSH access after changing the port.

Connecting Using the New SSH Port

After updating the SSH configuration and the firewall, connect using:

ssh -p 2222 username@your_server_ip

Replace 2222 with the new port number.

Note: Changing the SSH port does not stop targeted attacks, but it reduces noise and automated scanning attempts significantly.

Frequently Asked Questions

Why should I change the default SSH port?
Changing the default SSH port from 22 to a custom port helps reduce automated scans and brute-force attacks that target common ports.

Does changing the SSH port make my server secure?
It improves security by reducing noise, but it is not enough on its own. You should also use SSH keys, disable root login where possible, and apply a firewall.

What is a good SSH port number?
Use a non-standard port above 1024 that is not used by other services. Avoid commonly scanned ports and document the chosen port clearly for your team.

I changed the SSH port and can’t connect. What should I do?
First, check firewall rules and confirm that the SSH service is listening on the new port. If remote access is completely lost, use your hosting provider’s console or IPMI access to revert the configuration.
